How to set up a Windows Domain on AWS
0 likes340 views
This document outlines the process of setting up a Windows domain in Amazon Web Services (AWS), highlighting key prerequisites such as configuring a Virtual Private Cloud (VPC) and instances needed for the domain controller and clients. It details the configuration steps for the domain controller, including the installation of Active Directory Domain Services and adding clients to the domain. Unlike setting up a Windows domain on Microsoft Azure, which is more straightforward, the process in AWS involves additional considerations related to cloud infrastructure and firewall settings.
How to set up a Windows Domain on AWS
- 1. Setting up a Windows Domain in AWS "A Windows domain is a form of a computer network in which all user accounts, computers, printers and other security principals, are registered with a central database located on one or more clusters of central computers known as domain controllers". (Wikipedia) Based on this definition, in order to have a Windows Domain, we need the following configuration: 1. Domain Controller 2. Add Computers to the domain The configuration above seems to be straight forward except that we are in the cloud and more importantly we are on Amazon Web Service (AWS), not on Microsoft Azure (Azure). Why is this important? Windows Domains are easy to setup on Azure because they are Microsoft products thus they are natively suited for that environment. This does not mean that we can't setup a good Windows Domain on AWS. The following lines will demonstrate how to do this. Prerequisites for a Windows Domains on AWS Because this is a short article, I will assume that you are able to do the following: • Setting up a Virtual Private Cloud (VPC) • Setting up Internet Gateway • Setting up Subnets and understand the principles behind it • Configure a Route table and its rules • Setting up Security Group Provisioning your Datacenter (your VPC) I will use spot instances for this demo because they are cheaper and they allow me to use powerful instances. I will request spot instances fleet of 3 instances as below: Request Id :sfr-3ceeb6f0-b8d4-4c1e-87e5-ebec086ce481 Request type: fleet Created :8/24/2017, 12:27:50 PM State: Active Status: Fulfilled Target capacity: 3 Allocation strategy: lowestPrice Instance type(s): m3.medium AMI ID ami-ef7cf4f9 Subnet subnet-rf33f44ebc
- 2. IAM fleet role : aws-ec2-spot-fleet-tagging-role Max price : $0.1 Persistence maintain Key pair name keypair IAM role EC2AdminAccessRole EBS-optimized no Request valid from 8/24/2017, 12:24:55 PM Request valid until 8/25/2018, 12:24:55 PM Terminate instances at expiration yes Comments about the fleet request I have requested a 3 m3. medium instances and I decided that I wanted to maintain them. I set the maximum bidding price to $0.1/hour per instance. My fleet request is only valid for 24 hours. Instances role • 1 instance will be the domain controller • 1 instance will be a SAN server and a domain client • 1 instance will be a SAN client and a domain client More on the SAN server and client in my next article (I will put the link of this article here). Configure the domain controller Now that I have my instances created, I will configure my domain controller. I don't need a very powerful server because my EC2 instance will only be a domain controller. EC2 Description: Operating System: Microsoft Windows Server 2016 Datacenter Hardware Information: Xen HV domU Processors: Inter ® Xeon ® CPU ES-2670v2@2.50GHz Installed Memory (RAM): 3.75 GB Total disk space: 30 GB Domain controller configuration 1. Login in to the EC2 instance using the Remote Desktop file that I download the from AWS EC2. 2. Click on Start >> Server Manager 3. The following screenshots show the steps that leads to the creation of the new Forrest ( New domain) a. Click on "add roles and Features"
- 3. b. Select the "Role-based or feature-based installation" check box in the next windows.
- 4. c. Check the "Active Directory Domain Service" d. Click on next and click on the "add Features " button e. Click next the "AD DS" and the "confirmation" screens f. Client on "Promote this server to a domain controller" link and then click on the close button in the confirmation screen g. At the Deployment Configuration step select the "add new forest" check box
- 5. My Root domain name will be "saworks.internal". h. Follow the remaining step to finalize your domain creation For the sake of simplicity, I am not adding the remaining screenshot. Please contact me on twitter (@lecadou), if you have any question. Add client to your new domain For this demo: • Every new client for this domain is in the same availability zone i.e the same subnet • I shut down the firewall on the client servers so that it can allow inbound traffics from the domain controller I use the following steps to join the " saworks.internal" domain 1. From Server Management select " Local server " 2. Click on " workgroup" to join to the domain
- 6. 3. Once completed the local server proprieties will change to the screen below At this step, I now have 2 servers in my domain " Saworks.internal". I will do the same for the last server, the SAN Client. Conclusion The Windows Domain on AWS is different than creating it on a private data center or on premise. The main challenge comes when you have to configure your VPC and its related features and services such as subnets, routes etc... Another key to this process is the shutdown of the windows firewall of the client servers to allow inbound traffic from the domain controller. Julien-Robert LECADOU,M.S jr@saworks.io, @lecadou , whatsup : 845 536 2631. Please contact me, if you face challenges moving to the cloud. I am here to help.